
Playground for experiments with NPM packages development process using NPM Registry
npm login
Then provide the username, password, and email. npm will store the info, and npm whoami should then work and return the username.
When a package is ready to publish, the npm user should be logged in, and npm should have tokens generated.
Look in the ~/.npmrc file or run the command npm token list:
┌────────┬─────────┬────────────┬──────────┬────────────────┐
│ id │ token │ created │ readonly │ CIDR whitelist │
├────────┼─────────┼────────────┼──────────┼────────────────┤
│ 8a0b90 │ 3bbc39… │ 2018-07-04 │ no │ │
├────────┼─────────┼────────────┼──────────┼────────────────┤
│ fd81e6 │ 283fec… │ 2018-07-04 │ no │ │
├────────┼─────────┼────────────┼──────────┼────────────────┤
│ 57700d │ e0bf40… │ 2018-03-15 │ no │ │
└────────┴─────────┴────────────┴──────────┴────────────────┘
Note:
3bbc39... is the token generated by NodeJS v8.1.12 / npm v5.6.0 on my work machine.
283fec... is the token generated by NodeJS v10.4.0 / npm v6.1.0 on my home machine.
e0bf40... no idea, but some old token, generated a while ago, in March 2018, when I played/tried with republishing feby.
There is also a manual approach to create a token via npm token create, which asks ONLY for the "npm password" and returns information about the token:
┌────────────────┬──────────────────────────────────────┐
│ token │ 7f899... │
├────────────────┼──────────────────────────────────────┤
│ cidr_whitelist │ │
├────────────────┼──────────────────────────────────────┤
│ readonly │ false │
├────────────────┼──────────────────────────────────────┤
│ created │ 2018-07-04T16:01:29.041Z │
└────────────────┴──────────────────────────────────────┘
npm token list will now show more tokens, and npm token delete 57700d will delete (invalidate) that token from the list.
Important to know: the format of the .npmrc content is key=value. Since maybe NodeJS 6, it's a standard:
init.author.name=Andrii Lundiak
strict-ssl=false
always-auth=false
user-agent="npm/6.1.0 node/v10.4.0 linux x64"
etc=abc
//custom-nexus.com/repository/my-hosted-npm-registry/:_authToken=NpmToken.11e11003-4be9-3367-baf5-c104c0ce466f
//registry.npmjs.org/:_authToken=4bac39b2-33e5-47be-88bd-ec668f28176c
But there is a special format for storing auth/token information:
// at the start and / at the end of the registry URL (otherwise npm will not recognize it as a registry and will throw ENEEDAUTH or a similar error).
:_authToken= and then the token value: a regular UUID value, or a UUID prefixed with NpmToken. (both forms appear in the lines above).
As it turned out, the _authToken part of the authentication line in the .npmrc file is created/used when npm works locally, or in any case when npm adduser/login is used.
But there is also a dedicated _auth field/key, which is expected to be the base64-encoded value of the username:password pair.
Here and here it is mentioned how to use this approach on CI.
echo -n 'admin:admin123' | openssl base64
and then use the base64 value in the .npmrc file content for the dedicated field/key _auth:
email=you@example.com ; required
always-auth=true ; optional
_auth=YWRtaW46YWRtaW4xMjM= ; required
With such a setup in the .npmrc file, CI (Jenkins, Bamboo) can authenticate every future npm command like whoami, token, publish, search.
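An added example (not part of the original README): a small Node.js check that applies the rules above to .npmrc text, flagging a registry key without the leading // and trailing /, a literal _authToken, strict-ssl=false, and an _auth value, which is only base64 and decodes straight back to username:password. The function name auditNpmrc, the rule names and the NEXUS_TOKEN variable are assumptions made for the illustration; the sample input is constructed from the values shown above.

```javascript
// Audit .npmrc text and return findings for stored credentials and weak settings.
function auditNpmrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) return; // blank or comment
    const eq = line.indexOf('=');
    if (eq < 0) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    const add = (rule, detail) => findings.push({ line: i + 1, rule, detail });
    if (key === 'strict-ssl' && value === 'false') {
      add('tls-verification-off', 'registry certificates are not validated');
    }
    // Credential keys are either global (_auth) or scoped (//host/path/:_authToken).
    const m = key.match(/^(?:(.*):)?(_authToken|_auth)$/);
    if (!m) return;
    const [, scope, field] = m;
    if (scope !== undefined && !(scope.startsWith('//') && scope.endsWith('/'))) {
      add('bad-registry-scope', `"${scope}" must start with // and end with /`);
    }
    if (/^\$\{\w+\}$/.test(value)) return; // ${VAR} reference: the secret is not in the file
    if (field === '_auth') {
      // base64 is an encoding, so the username:password pair is fully recoverable.
      const user = Buffer.from(value, 'base64').toString('utf8').split(':')[0];
      add('recoverable-password', `_auth decodes to credentials for user "${user}"`);
    } else {
      add('literal-secret', `${field} stored in clear text (${value.slice(0, 6)}...)`);
    }
  });
  return findings;
}

// Constructed sample that reuses the example values shown on this page.
const SAMPLE = [
  '; constructed sample, not a real configuration',
  'strict-ssl=false',
  '_auth=YWRtaW46YWRtaW4xMjM=',
  '//registry.npmjs.org/:_authToken=4bac39b2-33e5-47be-88bd-ec668f28176c',
  'custom-nexus.com/repository/my-hosted-npm-registry:_authToken=${NEXUS_TOKEN}',
].join('\n');

console.log(JSON.stringify(auditNpmrc(SAMPLE), null, 2));
```

Run against a CI workspace's .npmrc before the file is archived or cached, a non-empty result means a credential would travel with the artifact.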
npm version patch
will increase the version field value in package.json and commit the file. E.g. 1.0.15 will be changed to 1.0.16. minor and major are also available.
A git tag will also be created, so the next git push origin master --tags will push the tags as well.
And when npm publish is executed, the new version/release will be published to the npm registry.
Doesn't work:
npm publish feby
Works:
npm publish
npm publish --access public
npm unpublish feby@1.0.7
npm unpublish feby@1.0.8
Note: If only one valid version is used, that version can be unpublished with the command above. You need to publish a new version and then unpublish the previous one, but you might need to deprecate it first:
$ npm unpublish feby@1.0.15
npm ERR! unpublish Failed to update data
npm ERR! code E400
npm ERR! You can no longer unpublish this version. Please deprecate it instead
npm ERR! npm deprecate feby@1.0.15 "this version has been deprecated" : 23-6b802899cf4e380475450040dee99124
$ npm deprecate feby@1.0.15
npm ERR! Usage: npm deprecate <pkg>[@<version>] <message>
$ npm deprecate feby@1.0.15 "old version"
$ npm deprecate feby@1.0.17 "old version"
$ npm unpublish feby@1.0.17
$ npm unpublish feby@1.0.18
Not sure how this should work properly.
Example of versions list on npmjs.com:

git tag -d 1.0.7 && git push origin :refs/tags/1.0.7
git tag -d 1.0.8 && git push origin :refs/tags/1.0.8
FAQs
Playground npm package for experiments with NPM packages development process using NPM Registry. Created in February, 2017, that is why 'Feby'.
The npm package feby receives a total of 0 weekly downloads. As such, feby popularity was classified as not popular.
We found that feby demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.